We are happy to announce the immediate availability of DOCman 1.5.10 and DOCman 1.4.2!

During the recent holidays, a medium level vulnerability was discovered in DOCman. We found a query that wasn’t being properly escaped and could lead to an SQL Injection. There is no known exploit for this vulnerability and it would be very difficult to create one because there are other security measures in place.

At Joomlatools we are fanatic about security and even if DOCman 1.5.9 has recently been released, we recommend upgrading to 1.5.10 just to be on the safe side.

This vulnerability affects all versions of DOCman prior to 1.5.10. So if you’re using 1.5.9 or older, please upgrade to 1.5.10. If you’re using 1.4.1 or older, please upgrade to 1.4.2.

DOCman 1.5 has a unique permission system allowing you to divide up your documents and categories in such a way that you can deliver them securely and efficiently. One question I’m often asked in my daily role as Support Engineer on the forums is how to get these permissions right.

I took the time and put together a video that outlines a common permission scheme.

Imagine you need to build a school website and they want to make documents available to their students and staff. Of course the students are not allowed to access documents of the staff. While all staff people are registered users, students are a mix between registered users and guests.

Joomlatools would like to announce the immediate availability of DOCman 1.5.8 and DOCman 1.4.1.

Recently a medium level vulnerability was discovered in DOCman. A user with editing permissions can potentially access confidential data. The following versions of DOCman are affected: 1.3.x, 1.4.x up to 1.4.0.stable, 1.5.x up to 1.5.7. Upgrading to either 1.4.1 or 1.5.8 resolves the issue.

Even though this is only a medium level vulnerability that will only affect a small percentage of sites, we recommend everybody to upgrade as soon as possible.

Whether you are running an intranet or a public website, as an administrator, you often need to keep a close eye on what your users are doing. Especially when they are allowed to edit documents or upload new files. With DOCman Notify, it’s easy to set up email notifications. Notify is part of the DOCman Productivity Pack. Tom made another great video tutorial, showing how it’s done.

Don’t forget to enable the plugin. If you want turn of notifications later, just disable it again

In the “Send to” field, enter your email address

If you want to send to multiple recipients, separate the email addresses with the pipe symbol “

”

Turn on the notifications you wish to receive. The first three options will send an email whenever a user uploads, edits or downloads a document in the front-end of your site. The last option notifies you when a manager or (super) administrator edits a document through the backend interface.

Save the plugin settings

Try one of the upload, edit or download actions that you enabled

Check your inbox. The email contains all kinds of useful info about the user, the document and the file.

Advanced customization

If you don’t like the look of the email, or you want it to have a different set of information, you can easily do so by modifying the email template. The /plugins/docman/notify/templates folder contains two php files, one for the email body and one for the footer. They contain standard html and css, plus a couple of php variables. If you have some html experience, you should have no problem editing these to your liking.

It’s your workflow

Every organization has their own workflow needs. DOCman’s flexible plugin system allows developers to add workflow rules and behavior to DOCman, and in fact, DOCman Notify is great example to start from. We’d love to hear how you use DOCman, and how you would like to see it improved.